Target actually ‘sets the bar’ for credit card security

Gregg Steinhafel, ousted as CEO today, had pushed for the latest technology

Target Corp. ousted CEO Gregg Steinhafel over the department-store chain’s massive data breach around the holidays. The irony is that the Minneapolis-based company is leading the way in upgrading payment security for consumers.

Target
TGT, +0.07%
last month said its program to implement chip-and-PIN technology for its store-branded credit cards would be accelerated and completed by early 2015. It was “in the works” long before the December data breach, which affected 40 million customers, Molly Schneider, a company spokeswoman, said today.

The holiday hacking dramatically highlighted the need for the U.S. to move toward the Europay MasterCard and Visa, or EMV, standard for credit card payment processing. Headlines make the obvious point that the U.S. is 20 years behind Europe in putting chip technology in place. But the reason the Europeans went with the chip system was that “initially, their networks couldn’t handle real-time authentication,” the way U.S. networks could, according to FBR analyst Scott Valentin.

“Now fraud has caught up and it is easier for criminals to replicate magnetic strips,” the analyst said in a phone interview today.

Before the Target data theft made it clear that time was being wasted, card processors, merchants and retailers had been arguing over whether to switch to a chip-and-signature security model or to chip-and-PIN, which is even more secure. The companies running processing networks, including Visa Inc.
V, -0.08%
MasterCard Inc.
MA, -0.14%
American Express Co.
AXP, +0.54%
and Discover Financial Services
DFS, +1.26%
are pushing for a chip-and-signature system to be in place across the U.S. by the end of 2015. They are doing this by shifting fraud liability to retailers.

“The retailers prefer chip and PIN, because the chance of fraud goes down. The networks are agnostic, but the issuers would prefer to have the process be as similar as possible to today’s card, and therefore prefer chip and signature,” according to Valentin.

Wal-Mart Stores Inc.
WMT, +0.30%
has already implemented a chip-and-signature system. There is a small learning curve for the customer. After swiping the card, the customer is directed to insert it in another slot under the card reader, so the chip can be read as the transaction is processed.

“Our terminals are already capable of accepting chip-and-PIN technology, so if card technologies are upgraded to EMV chip cards, our systems will be able to process transactions. Walmart installed EMV-capable terminals about eight years ago,” spokesman Randy Hargrove wrote in an email. “Today, about 2,000 of our U.S. stores are enabled and accepting EMV cards, with the rest of Walmart’s U.S. stores scheduled to be activated by the end of the year.”

In addition to implementing chip-and-PIN verification for its store-branded cards, Target will complete the installation of devices for the use of chip-and signature and chip-and-PIN verification for non-Target credit cards in September, with the software in place in early 2015, according to Target’s Schneider.

Before the Target data breach, some merchants had lobbied for the use of cloud technology. That would eliminate the need to make expensive equipment purchases. A mobile solution for secured payments could also be used by retailers to market their products, providing some return on investment, rather than just raising expenses. That is especially important to small retailers.

“The Target decisions have set the bar for the entire industry,” Valentin said, and consumers can expect a flurry of changes over the next two years as the payments system is made more secure. Or less insecure.

My own experience with two credit card issuers following the Target data breach was that one quickly issued a new chip-enabled card, while the other issuer did nothing. Guess which card I prefer to use?

Many smaller retailers will regret the “intermediate step” toward greater payment-processing security, but it has to be done. Eventually, we will be able to make secure payments using smartphones. We won’t even have to wait in lines.

But we’re not quite there yet.

(This article has been updated with additional information about Wal-Mart’s EMV technology.)

Intraday Data provided by SIX Financial Information and subject to terms of use.
Historical and current end-of-day data provided by SIX Financial Information.
All quotes are in local exchange time. Real-time last sale data for U.S. stock quotes reflect trades reported through Nasdaq only.
Intraday data delayed at least 15 minutes or per exchange requirements.